METHOD AND APPARATUS FOR MANAGING
CONFIGURATION OF A NETWORK 

The present invention relates to a method and apparatus for
managing configuration of a network.

The invention finds application in the field of telecommunication 
networks. It is described here, by way of non-limiting example, in its application 
to a network of the Internet type. 

Internet Protocol (IP) is a communication protocol that interconnects
various hosts. In general, IP hosts are computers implementing an IP protocol
stack and applications.

A set of directly connected hosts, e.g. a set of hosts sharing a single
cable, are able to communicate directly with each other. Such a construction is
called an IP network or sub-network, or simply an IP subnet.

In the case where these hosts are not connected directly, e.g. there
are two separated physical links, additional equipment is needed in order to
provide IP connectivity between the hosts on these physically separated IP
subnets. Such additional equipment is referred to as a router.

A router connects a plurality of IP subnets and enables hosts of
different subnets to "talk" to each other through the router.

The router is a computer having hardware and software adapted to 
forward received IP packets sent by the hosts. 

As is well known by a person skilled in the art, routers support
protocols, services and many other functions. The operation of these functions
is controlled by variables and parameters.

A set of values of these variables and parameters is a configuration. 
The network administrator controls the operation of a router through 
configuration management, i.e. by setting and changing these values. 
Configuration management of a router is called "element configuration
management".

Configuration of routers and hosts in a network is called "network
configuration". It has the meaning of planning and setting functionalities of the
network which are valid for the whole managed network or part of it. Such
functionalities include for instance routing protocols, forwarding policies, virtual
private networks, features relating to quality of service, etc. Moreover, there are
link-related configurations, e.g. IP over Point-to-Point connections. Each router
has its individual part of configuration, such as special attributes of layer 1, layer
2 interfaces, software configuration, etc.

There are currently many known ways to manage IP based data
communication networks, belonging basically to two main categories: manual
configuration methods and indirect configuration methods. In manual
configuration methods, the network administrator accesses a network device to
be managed and, using an element management method, he sets the attributes
to be configured. In indirect configuration methods, the network administrator
uses an application to access the network device to be configured and to carry
out the element management. The network device is thus managed indirectly
by the network administrator.

An important feature of IP manual configuration is per-element 
management, which implies accessing one by one each host and/or router to be 
configured. 

For per-element management, only a few element management
methods are currently used, such as methods using the Command Line
Interface (CLI) command set, methods based on configuration file editing,
menu-based element management, element management methods using the
SNMP (Simple Network Management Protocol) standard protocol with the
Management Information Base (MIB) defining managed objects and their
attributes, or Web-server based element management.

When a large-scale IP network, i.e. having a number of routers of the 
order of hundreds or thousands, is to be managed using the above-mentioned 
configuration management methods, some problems arise. 

As a matter of fact, the configuration of a router includes:

- element specific values, which are relevant only for one node and
have no correlation with other nodes;

- link specific values, which are relevant for the routers connected to
a given link, are typical for the link and must be the same in the connected
routers (for example: IP subnet mask, Open Shortest Path First (OSPF)
adjacency parameters, etc.); and

- domain specific values, which are typical for a logical managed
object defined in the network (such as an OSPF area, a Differentiated Services
(DiffServ) domain, etc.) and which are relevant for many routers.

When the network administrator has defined the values of the 
attributes to be set, he has to make corresponding changes on the relevant 
routers. In the case of link or domain specific configuration, in a large-scale
network, the following problems, detailed hereafter, arise: 

- the configuration cost increases drastically, 

- target identification, i.e. localisation of the elements to be 
configured in the network, becomes more complex, 

- validation of the changes to be made is made more difficult, and

- making the element management operations from one point in the 
network requires a proper execution sequence but the latter becomes hard to 
find. 

Regarding the configuration cost, assuming for example that the 
network administrator has to change the identifier of an OSPF area having 500
routers, even if the identifier is represented by only one attribute, the network 
administrator will have to change 500 attributes. This is very time-consuming. 

Regarding target identification, in the above example, the network
administrator has to know somehow which are the 500 routers concerned by
the change. Moreover, due to the large size of the network, it is difficult to have
an overview of all relationships existing between configurations. In some cases,
indirect target routers may also be concerned by the change. For example,
when the network administrator wants to transfer several routers from an OSPF
area into another one, he has to take care to take account of all interfaces
affected by the transfer in order to avoid link failures. This kind of indirect target
identification can only be done by performing an analysis of the topology and of
the special characteristics of the managed object. In a large-scale network, this
is not trivial.

Regarding validation, it has to be determined whether the required 
change leads to a valid state, i.e. whether the network with the new 
configuration serves its purpose. It also becomes difficult in a large-scale
network, due to the fact that dozens of routers will be configured as part of a 
change. Performing an analysis of the new state within a reasonable amount of 
time is impossible. 

Regarding the execution sequence issue, as for target identification
and for validation, it is important to see the special characteristics of the
configured managed object and the topology in order to know the effect of the
changes involved by configuration. For example, when configuring an OSPF
link, due to the fact that the OSPF link is established only if its attributes have
the same values in each connecting interface, the sequence of setting the target
interfaces is of particular relevance. The greater the number of targets,
including indirect targets, the more difficult the task.

The present invention aims at simplifying the configuration 
management process in order to overcome the above-mentioned drawbacks. 

To this end, the present invention provides a method for managing 
configuration of a network in a management centre, the network having a
plurality of target objects, remarkable in that it comprises: 

elaborating a model of the network to be managed; 

identifying a plurality of target objects to be configured in the network; 

validating the changes to be made upon configuration of the plurality 
of target objects;

and, if all changes have been validated: 

finding a sequence of target routers that provides continuous 
connectivity to the management centre; and 

configuring each of the target routers.

Thus, thanks to the present invention, the network administrator can
concentrate on actual network-wide object management instead of complex and
time-consuming distributed, per-element implementation.

Furthermore, the per-element operations are carried out by the
network management application instead of being performed by the network
administrator, saving a considerable amount of time and reducing the risk of
human errors.

The invention is particularly adapted to be applied to large-scale IP
networks.

In a preferred embodiment, the above-mentioned model of the 
network is based on the CIM (Common Information Model) schema. 

In a preferred embodiment, the identification step includes identifying
direct target objects and indirect target objects.

In a preferred embodiment, the validation step includes checking the 
compliance of the changes to be made upon configuration with a predetermined 
set of rules. 

In a preferred embodiment, the network is an IP based mobile
access network.

The present invention also provides a computer program product, 
loadable into a computer, comprising software code portions for implementing 
the steps of a method as above when the product is run on a computer. 

The present invention also provides an apparatus for managing 
configuration of a network in a management centre, the network having a
plurality of target objects, remarkable in that it comprises: 

a module for elaborating a model of the network to be managed; 

a module for identifying a plurality of target objects to be configured 
in the network; 

a module for validating the changes to be made upon configuration of
the plurality of target objects;

a module for finding a sequence of target routers that provides 
continuous connectivity to the management centre; and 

a module for configuring each of the target routers.

The particular features and advantages of the computer program
product and of the apparatus are similar to those of the method as succinctly
described above and are therefore not repeated here.

Other features and advantages of the present invention will appear
upon reading the following detailed description of a preferred embodiment,
given by way of non-limiting example.

The description refers to the accompanying drawings, in which:

- Figure 1 shows the basic building blocks of a conventional DEN-based
network management architecture;

- Figure 2 shows the network management architecture in
accordance with the present invention, in a preferred embodiment; and

- Figure 3 illustrates the configuration operation control steps
performed by the network manager application in accordance with the present
invention, in a preferred embodiment.

The method and apparatus according to the present invention are
based on the Directory-Enabled Networking (DEN) concept. This is an
industry-standard initiative and specification for how to construct and store
information about a network's users, applications and data in a central directory. DEN
defines an object-oriented information model that is based on another recent
standard initiative, the Common Information Model (CIM). CIM is a model for
describing overall management information in a network / enterprise
environment. CIM comprises a specification and a schema. The specification
defines the details for integration with other management models, while the
schema provides the actual model descriptions.

Both the DEN and CIM models are mapped into the directory defined 
as part of the Lightweight Directory Access Protocol (LDAP). 

As known by a person skilled in the art, LDAP is a software protocol
for enabling anyone to access a Directory service to retrieve or manipulate data
stored in the Directory, e.g. data of organisations, individuals, and other
resources such as files and devices, in a network.

By entering specific information about the network in the central
directory using the proper mapping of a CIM model, network information then
becomes available to any DEN-enabled application in the network. When a
user attempts to open one of these types of applications on the network, the
application checks dynamically in the LDAP global directory in order to see what
the user's access privileges should be. The application can then automatically
open and configure itself to provide the correct level of access to its features,
based on the usage policy information it has located in the LDAP directory.

As shown in Figure 1, the central part of a conventional DEN-based 
network management system as standardised by the DMTF (Desktop
Management Task Force) is a Directory server 10. 

The Directory server 10 contains management data using a CIM 
model 12. Such a Directory server may for example be an LDAP directory. 

A management station 14, controlled by the network administrator or 
operator 15, contains software adapted to communicate with the Directory
server 10 - not directly with the managed devices - and operates on data in 
order to manipulate network configuration, i.e. to make the required network 
configuration changes. 

A router 16 with DEN support has an LDAP client and uses the same 
data model as the management station 14. The management station 14
triggers the router 16 to update a plurality of objects. The triggered router 
initiates LDAP queries to download the new configuration data and refresh its 
relevant objects and consequently its configuration. 

For a router 18 without DEN support, legacy ways such as telnet/CLI, 
SNMP, etc. may be used in order to carry out the configuration changes made
in the Directory server 10. 

As shown in Figure 2, the network configuration management 
method and apparatus according to the present invention improve the DEN 
architecture. 

According to a first feature of the invention, the CIM schema models
all entities in the network to be managed and the modelling of the network does
not reflect the physical entities in the network, but reflects the logical
management objects in the network. For example, an OSPF area is
represented as one object holding its attributes, instead of having each router
represented as one object holding the OSPF area parameters. The OSPF area
class aggregates the interfaces that are in the same area. Therefore, if there is
a configuration change in an OSPF area, the management software knows that
the changed values apply to the routers having an interface associated with the
changed area object. Such an approach not only reduces the network
administrator's workload, but it also decreases the probability of human errors.

WO 03/058884 PCT/EB02/00740

According to a second feature of the invention, a set of rules 20
connected to the model is generated to ensure consistency and validity of the
configuration manipulations. The rule set defines how the application can
create, modify or delete an object. The rules follow the behaviour of the
modelled managed object. For example, a rule may state that an OSPF
interface can only be created and configured on an IP interface of a router in the
case where the associated router has an associated OSPF process. As
another example, a rule may require that an IP interface cannot be shut down
since it has an active OSPF interface, in order to ensure that the routing
configuration will be valid all the time.

The rule set makes it possible to prevent the network configuration -
and the network - from defining wrong or meaningless configuration changes.
This is a way for the application to filter the configuration change requests
before "touching" the network.

According to a third feature of the invention, a configuration operation
control mechanism 22 is implemented in the management software of the
management station 14. This mechanism includes identifying a plurality of
target objects to be configured in the network, validating the changes to be
made upon configuration of these target objects and, if all changes are
validated, finding a sequence of target routers that provides continuous
connectivity to the management station 14 and configuring each of the target
routers.

The configuration operation control mechanism 22 is illustrated in 
more detail in Figure 3. 

The network manager application, forming part of the management 
software contained in the management station 14, carries out the configuration 
operation control mechanism 22.

This is a so-called network-wide configuration operation. During a
first step 30, the network administrator defines the configuration operation (e.g.
reboot, stop, start, etc.) by manipulating the configuration data modelled by the
network-wide CIM schema. For example, the network administrator selects an
OSPF area and requests a change of this area's identification parameters.

During the next step 32, the network manager application defines the
direct targets by using the model. As the model follows the logical structure of
the managed objects, the direct targets can be easily identified. Following the
associations between the objects in the Directory, the relevant routers can be
found. For example, an object that represents an OSPF area is associated with
interface objects. These interface objects are associated with router objects.
For configuring this OSPF area, the network administrator selects the area and
gives the new values of the attributes. The network manager application then
checks the interface associations of the target OSPF area object and finds the
target routers. It then knows which routers and which interfaces must be
configured according to the changes in the OSPF area object. These managed
objects are the direct or primary targets for the configuration operation.

For finding primary targets, as a variant, the network administrator 
may select one or more managed objects on the user interface provided by the 
application. In this case, the network administrator gives the primary targets to 
the application in an explicit manner. 

Furthermore, during step 32, by analysing the operation of the
network, the network manager application checks whether other routers are
affected by the requested configuration change, i.e. it determines indirect
targets.

During step 32, the network manager application also carries out a 
validation operation, consisting of checking the model rules to determine
whether the required operation needs further consideration, and checking the 
validity regarding the managed object. In the example, the network manager 
application checks whether the operation is in compliance with the OSPF 
protocol. 

The validation operation aims at determining whether the required
changes are allowed and determining whether the new state to which the
changes lead is valid. The result of the validation operation may be the
rejection of the whole configuration request and the sending of a warning signal
to the network administrator, indicating a possible problem. The original model
must be kept and no routers are to be accessed.
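
The target identification and rule check of step 32 can be expressed in code as follows. This is an added Python example, not code from the patent; the class names, the change dictionary format and the sample routers are assumptions made for illustration, and only the two rules quoted in the text are implemented.

```python
from dataclasses import dataclass, field


@dataclass
class Router:
    name: str
    has_ospf_process: bool = True


@dataclass
class Interface:
    name: str
    router: Router


@dataclass
class OspfArea:
    area_id: str
    interfaces: list = field(default_factory=list)  # aggregated member interfaces


def direct_targets(area):
    """Follow area -> interface -> router associations to find what to configure."""
    targets = {}
    for ifc in area.interfaces:
        targets.setdefault(ifc.router.name, []).append(ifc.name)
    return targets


def validate(area, change):
    """Return the rule violations for a requested change (empty list = valid)."""
    errors = []
    ifc = change.get("interface")
    if change["op"] == "add_interface" and not ifc.router.has_ospf_process:
        # Rule from the text: an OSPF interface requires an OSPF process on its router.
        errors.append(f"{ifc.router.name} has no OSPF process for {ifc.name}")
    elif change["op"] == "shutdown_interface" and ifc in area.interfaces:
        # Rule from the text: an IP interface with an active OSPF interface stays up.
        errors.append(f"{ifc.name} carries an active OSPF interface")
    return errors


def plan(area, change):
    """Reject the whole request on any violation, before any router is accessed."""
    errors = validate(area, change)
    if errors:
        return {"accepted": False, "errors": errors, "targets": {}}
    if "interface" in change:          # per-interface change: one router is the target
        ifc = change["interface"]
        targets = {ifc.router.name: [ifc.name]}
    else:                              # area-wide change: follow the associations
        targets = direct_targets(area)
    return {"accepted": True, "errors": [], "targets": targets}


# Constructed sample model: r1 and r2 have interfaces in the area, r3 runs no OSPF.
r1, r2, r3 = Router("r1"), Router("r2"), Router("r3", has_ospf_process=False)
E0, E1, E2 = Interface("r1/eth0", r1), Interface("r1/eth1", r1), Interface("r2/eth0", r2)
AREA = OspfArea("0.0.0.1", [E0, E1, E2])

if __name__ == "__main__":
    print(plan(AREA, {"op": "set_area_id", "value": "0.0.0.2"}))
    print(plan(AREA, {"op": "add_interface", "interface": Interface("r3/eth0", r3)}))
    print(plan(AREA, {"op": "shutdown_interface", "interface": E1}))
```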

The application gives to the network administrator the possibility to 
react in case of a warning signal. Pursuant to the network administrator's
response, the application may handle the configuration request with further 
configuration changes. 

If the operation is executable, the network manager application
searches for the right sequence of target routers, which makes it possible to ensure
continuous connectivity with the management station 14.

If no suitable sequence is found, the application attempts to define a 
temporary configuration - e.g. temporary static routes - that can help to find a 
suitable router sequence. 

The application may also attempt to divide the target set into smaller 
subsets and to define partial operations with their own sequence.

If no temporary solution is found, then the original model must be 
kept and no routers are to be accessed. 
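
The sequence search can be illustrated with the OSPF case mentioned earlier, where a link is established only while both ends hold the same values. This is an added Python example, not part of the patent, which does not specify a search algorithm: the link model, the farthest-first ordering and the sample topology are assumptions.

```python
from collections import deque

# Constructed topology: management station "mgmt" and four target routers.
LINKS = {("mgmt", "r1"), ("r1", "r2"), ("r2", "r3"), ("r1", "r4")}
TARGETS = {"r1", "r2", "r3", "r4"}


def neighbours(node):
    for a, b in LINKS:
        if node in (a, b):
            yield b if a == node else a


def link_up(a, b, done):
    """Assumed model: a link between two targets needs matching values on both ends."""
    if a in TARGETS and b in TARGETS:
        return (a in done) == (b in done)
    return True                              # links to non-targets are unaffected


def reachable(done):
    """Nodes the management station reaches, given the routers already set."""
    seen, queue = {"mgmt"}, deque(["mgmt"])
    while queue:
        node = queue.popleft()
        for nxt in neighbours(node):
            if nxt not in seen and link_up(node, nxt, done):
                seen.add(nxt)
                queue.append(nxt)
    return seen


def first_unreachable(sequence):
    """Replay a sequence; return the first router that cannot be reached, or None."""
    done = set()
    for router in sequence:
        if router not in reachable(done):
            return router
        done.add(router)
    return None


def farthest_first():
    """Order targets by decreasing hop count from the management station."""
    dist, queue = {"mgmt": 0}, deque(["mgmt"])
    while queue:
        node = queue.popleft()
        for nxt in neighbours(node):
            if nxt not in dist:
                dist[nxt] = dist[node] + 1
                queue.append(nxt)
    if not TARGETS <= set(dist):
        return None                          # a target is unreachable even before changes
    return sorted(TARGETS, key=lambda r: (-dist[r], r))


if __name__ == "__main__":
    print(farthest_first(), first_unreachable(farthest_first()))
    print(first_unreachable(["r1", "r2", "r3", "r4"]))   # nearest-first cuts off r2
```

Under this link model a router that has been set stays cut off until its upstream neighbour is set too, which is why the order is checked by replay before any router is accessed.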

If a router sequence is found, during the following step 36, the 
network manager application carries out the requested element management 
steps by triggering the DEN routers or configuring the non-DEN routers via
telnet/CLI or SNMP or by any other way found appropriate. 

Any error or failure occurring during step 36 is registered in the
management station 14, so that a corresponding message can be dispatched to
the network administrator 15.

For example, when a target router in the sequence cannot be set
successfully, the configuration process is stopped and the user is asked what to
do. He has got two options:

- stop the operation at once. In such a case, there are two further
options:

  - leave everything as it is, or

  - restore the original model and the original configuration in
  those routers which were set before the error. If an error
  happens during restoration, it is a fatal inconsistent state, the
  process is stopped immediately and the network
  administrator receives a warning signal.

- delay the operation until the network administrator inputs contrary
instructions. For example, if the network administrator operates manually on
the problematic router and solves the problem, the process can continue from
where it was stopped.

It is to be noted that the defined configuration operation has to be
considered as one operation, regardless of the number of target routers. In
order to keep the integrity of the defined operation, the process must be
considered successful if each target router is set with the new configuration. If
at least one router cannot be set, then the whole operation must be considered
to have failed, because part of the target routers have the new configuration
and the remaining target routers have the old one.

Another requirement is that the network manager application should
know the state of all managed routers, namely, which routers are successfully
set during the operation, which routers were not successfully set and what
managed objects have different settings than the relevant routers. Thus, the
network administrator always knows the situation in the Directory and in the
network configuration.
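
The all-or-nothing handling of step 36, with per-router state tracking, as an added Python example that is not from the patent. `push` is a hypothetical per-element setter standing in for telnet/CLI, SNMP or a DEN trigger, the state labels are assumptions, and only the two "stop" options are covered.

```python
OLD, NEW = "area 0.0.0.1", "area 0.0.0.2"    # constructed configuration values


def make_push(failures):
    """Constructed stand-in for a per-element setter: fails for listed (router, config)."""
    log = []

    def push(router, config):
        log.append((router, config))
        return (router, config) not in failures

    return push, log


def run_operation(sequence, old, new, push, on_error="restore"):
    """Apply `new` in order; the operation succeeds only if every router is set."""
    state = {router: "pending" for router in sequence}
    for i, router in enumerate(sequence):
        if push(router, new):
            state[router] = "new"
            continue
        state[router] = "failed"             # stop at the first router that cannot be set
        if on_error == "restore":
            for prev in sequence[:i]:
                if push(prev, old):
                    state[prev] = "restored"
                else:
                    # Error during restoration: fatal inconsistent state, stop at once.
                    state[prev] = "inconsistent"
                    return {"result": "fatal", "state": state}
        return {"result": "failed", "state": state}
    return {"result": "success", "state": state}


if __name__ == "__main__":
    seq = ["r3", "r2", "r1"]
    push, _ = make_push({("r2", NEW)})
    print(run_operation(seq, OLD, NEW, push))                    # r3 restored
    push, _ = make_push({("r2", NEW)})
    print(run_operation(seq, OLD, NEW, push, on_error="leave"))  # r3 keeps new values
    push, _ = make_push({("r1", NEW), ("r3", OLD)})
    print(run_operation(seq, OLD, NEW, push))                    # fatal, r3 inconsistent
```

The returned state map is what lets the application report which routers hold the new values, which hold the old ones and which are in doubt.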



